The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trying to get rid of RC4 encryption in WHM

Discussion in 'Security' started by Austin Cushing, May 5, 2015.

  1. Austin Cushing

    Austin Cushing Registered

    Joined:
    May 5, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    West Berlin
    cPanel Access Level:
    Website Owner
    So in short, the current version of Firefox is blocking access to one of my sites (domain.com) because it's using RC4 encryption. Reading up on the subject, I can understand why. The problem is, I can't for the life of me figure out what I'm doing wrong in changing it to -stop- using RC4. I am hosting through Bluehost at VPS level, which means I have access to WHM. Via Include Editor and what information I have on the subject, I have changed the Pre Main Includes for All Versions to have the following:

    Code:
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    
    ...because supposedly, that was an optimum security configuration (and most importantly, has no mention at all of RC4 in the first place. Doesn't work - according to tests, it still uses RC4. Likewise, using Global Configuration and entering that line in SSLCipherSuite, while accepted, still doesn't work. I've asked Bluehost, who basically pointed me at the Include Editor and an article on the subject and said 'you're on your own'; I figured that it might be smart to at least try asking here in case there's something I'm missing or something I need to do that I don't know about.

    What am I doing wrong, and what do I need to do to get my site to be secure (and thus viewable)?
     
    #1 Austin Cushing, May 5, 2015
    Last edited by a moderator: May 5, 2015
  2. Austin Cushing

    Austin Cushing Registered

    Joined:
    May 5, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    West Berlin
    cPanel Access Level:
    Website Owner
    (Smiley faces are actually : and D, it apparently autoformats.)
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,461
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Painfully so. Wrapping in code tags takes some of the pain away though. ;)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Please ensure you remove the custom entries you added via the include editor and use the instructions at the following document when attempting to change the cipher protocols:

    How to Adjust Cipher Protocols

    Thank you.
     
  5. mark sutton

    mark sutton Registered

    Joined:
    Jan 25, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United Kingdom
    cPanel Access Level:
    Root Administrator
    Hi,

    Did you manage to resolve this in the end as I'm also having this problem, made worse by the fact that Chrome 48.0.2564.82 m is now blocking RC4 Connections and so is blocking users to my site.

    I've tried changing the cipher code to the Mozilla intermediate recommended cipher but the changes haven't taken affect.

    Thanks,

    Mark
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you let us know which method you used to update the cipher protocols, and the exact entry you added?

    Thank you.
     
  7. mark sutton

    mark sutton Registered

    Joined:
    Jan 25, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United Kingdom
    cPanel Access Level:
    Root Administrator
    I updated the cipher via WHM Home >> Service Configuration >> Apache Configuration >> Global Configuration

    Using cipher:
    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    Protocol: all -SSLv2 -SSLv3
     
  8. mark sutton

    mark sutton Registered

    Joined:
    Jan 25, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United Kingdom
    cPanel Access Level:
    Root Administrator
    Update

    This has now been resolved, Bluehost reinstalled the security certificate which fixed the problem.

    Thanks,

    Mark
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page